Fix command injection issue on detect cms
yogeshojha committed May 22, 2022
1 parent 72a5fb2 commit 8277cec
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions web/reNgine/common_func.py
@@ -6,6 +6,7 @@
import tldextract
import logging
import shutil
import subprocess

from threading import Thread

@@ -668,8 +669,12 @@ def get_whois(ip_domain, save_db=False, fetch_from_db=True):
def get_cms_details(url):
# this function will fetch cms details using cms_detector
response = {}
cms_detector_command = 'python3 /usr/src/github/CMSeeK/cmseek.py -u {} --random-agent --batch --follow-redirect'.format(url)
os.system(cms_detector_command)
cms_detector_command = 'python3 /usr/src/github/CMSeeK/cmseek.py --random-agent --batch --follow-redirect'
subprocess_splitted_command = cms_detector_command.split()
subprocess_splitted_command.append('-u')
subprocess_splitted_command.append(url)
process = subprocess.Popen(subprocess_splitted_command)
process.wait()

response['status'] = False
response['message'] = 'Could not detect CMS!'
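Review bot: `url` still reaches CMSeeK unvalidated in `get_cms_details`: passing a list to `subprocess.Popen` keeps the shell from interpreting it, but a value that begins with `-` could still be read by cmseek's own option parser as a flag rather than a target, and nothing here confirms it is an http(s) URL. Before building the argument list, parse the value and return the failure response for anything else, e.g. `p = urlparse(url)` followed by `if p.scheme not in ('http', 'https') or not p.netloc:` (this needs `from urllib.parse import urlparse` if the file does not already import it). `process.wait()` has no timeout and the exit status is ignored, so a stalled scan blocks the caller indefinitely; `subprocess.run(subprocess_splitted_command, timeout=...)` with a `subprocess.TimeoutExpired` handler would bound it. As a point of style, the fixed arguments could be written as a list literal instead of calling `.split()` on a constant string. The function body continues past the end of the hunk, so how the scan result is read back is not visible here.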